Privacy Policy

Startel International LLC (“Startel”, “we”, “us”)
Komitas Ave 46/33, Yerevan, Armenia
Effective date: 25 May 2026 · Version 2026-05-25

1. Who we are

Startel International LLC operates the VMGate Cloud platform. For portal account data (registration, login, billing contact), Startel acts as data controller. For call traffic, CDRs, recordings, and fleet telemetry processed to deliver the Service to a Tenant, Startel typically acts as a data processor on the Tenant’s instructions; the Tenant remains responsible toward its customers and end users.

2. Scope

This Policy applies to:

  • The VMGate tenant portal and related web pages.
  • API and orchestration services used to operate Tenant accounts.
  • Operational logs and security monitoring on Cloud HEAD infrastructure.

Use of VMGateClient on phones or dongles may be covered by additional in-app notices and the VMGateClient EULA. Tenant-facing privacy obligations toward the Tenant’s own customers are the Tenant’s responsibility.

3. Categories of data we process

Account & identity

  • Name, company name, email address, phone number (if provided).
  • Hashed passwords and authentication tokens.
  • Email verification and password-reset tokens.
  • Two-factor authentication secrets (when enabled).
  • Language and portal preferences.

Subscription & billing

  • Plan, entitlements, invoices, and payment status.
  • Limited payment metadata from the payment processor (e.g. transaction IDs; not full card numbers).

Service & telecom operations

  • Call detail records (numbers, timestamps, duration, routing, costs, SIP identifiers).
  • SIP signaling traces stored for troubleshooting and dispute resolution (where enabled).
  • Call recordings (audio files) when the Tenant enables recording features, subject to storage quotas.
  • VMGateClient device identifiers, mesh network membership, slot usage, and connection telemetry.
  • Location or fleet data when the Tenant enables such features.

Technical & security

  • IP addresses, user-agent strings, session identifiers, and audit logs.
  • Error logs and performance metrics necessary to operate and secure the Service.

4. Purposes & legal bases

We process personal data to:

  • Provide, maintain, and secure the Service (contract performance).
  • Authenticate users and prevent fraud or abuse (legitimate interests / legal obligation).
  • Bill subscriptions and manage entitlements (contract performance).
  • Generate CDRs, recordings, and operational records requested by the Tenant (contract / Tenant instruction).
  • Comply with legal obligations and respond to lawful requests.
  • Improve reliability and support (legitimate interests, minimized where possible).

Where GDPR or similar laws apply, we rely on the bases above as appropriate. Where consent is required (e.g. non-essential cookies), we obtain it separately — see our Cookie Policy.

5. Retention

  • Portal account data: for the life of the account and a reasonable period thereafter for legal and billing purposes.
  • CDRs and billing records: per Tenant plan, contractual requirements, and applicable law.
  • Call recordings: per Tenant-configured retention and quota; deleted or evicted when limits are reached.
  • Security logs: typically limited periods unless needed for incident investigation.

Tenants may request deletion of portal users subject to legal retention requirements.

6. Sharing & sub-processors

We do not sell personal data. We may share data with:

  • Infrastructure providers hosting Cloud HEAD (e.g. Hetzner) under contractual safeguards.
  • Payment processors (e.g. FastSpring or a bank merchant gateway, when configured) to collect subscription fees.
  • Email delivery providers (e.g. transactional email for verification and password reset).
  • ZeroTier Central or similar networking services used for VMGateClient connectivity.
  • Professional advisers or authorities when required by law.

A current sub-processor list may be provided on request to Tenant administrators. We will update this Policy when a payment processor is formally selected for production checkout.

7. International transfers

Data may be processed in Armenia and in countries where our infrastructure or sub-processors operate. Where required, we implement appropriate safeguards for cross-border transfers.

8. Security

We apply organizational and technical measures appropriate to the Service, including access controls, encryption in transit (HTTPS/TLS), hashed credentials, and operational monitoring. No method of transmission or storage is completely secure; Tenants must also protect their credentials and fleet devices.

9. Your rights

Depending on applicable law, individuals may have rights to access, rectify, erase, restrict, object to processing, or port personal data, and to lodge a complaint with a supervisory authority.

Portal users may update profile information in the portal where available. Requests regarding account data may be sent to info@startelinternational.com. Requests about call or customer traffic data should generally be directed to the Tenant (controller); Startel will assist the Tenant as processor where applicable.

10. Children

The Service is not directed at individuals under 18. We do not knowingly collect data from children.

11. Changes

We may update this Policy by posting a revised version with a new effective date. Material changes may require renewed notice or consent where required by law.

12. Contact

Startel International LLC
Komitas Ave 46/33, Yerevan, Armenia
Email: info@startelinternational.com
Phone: +374 (0)94-435-643